Incident response playbooks

Ransomware Response

Severity: Critical

Contain, preserve evidence, and activate recovery workflows.

  1. Isolate infected systems from the network.
  2. Preserve volatile evidence and back up logs.
  3. Validate restore points and check backups.
  4. Notify stakeholders and law enforcement.

Phishing Compromise

Severity: High

Disconnect impacted accounts and check for lateral movement.

  1. Reset affected credentials and revoke sessions.
  2. Monitor related accounts for abnormal access.
  3. Run malware scans on endpoints and mailboxes.
  4. Update detection rules for the phishing indicators.